[Openid-specs-ab] RP Testing: "incorrect_behavior" during token exchange

William Denniss wdenniss at google.com
Sun Mar 26 20:03:48 UTC 2017

While running the *rp-response_type-code* test in AppAuth, I'm seeing the
following error while exchanging the authorization code:

HTTP 200
    error = "incorrect_behavior";
    "error_description" = "Failed to verify client";

What does this error mean? It doesn't appear to be a standard error.

Also, the testing server should return HTTP 400 for errors per the spec
<https://tools.ietf.org/html/rfc6749#section-5.2>, not HTTP 200 for errors.

Where is the source code of the tests? Can that location be linked in
http://openid.net/certification/rp_testing/ ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170326/8c719d86/attachment.html>

More information about the Openid-specs-ab mailing list